General

  • Target

    2024-03-23_6ed531d18c6804873c354b32115629b6_karagany_mafia

  • Size

    250KB

  • Sample

    240323-3lggyseb79

  • MD5

    6ed531d18c6804873c354b32115629b6

  • SHA1

    399c0fb998edee1cdcc230df374b9aec274c1bcf

  • SHA256

    00a6ceb3bff98077e7fab461e68342be7aa51dc4758f7e61bacaa2b0fc1430a3

  • SHA512

    486881d9339d72f8c4f94d30e4d5d66550770b6ee03e3380d40fab6187cc242beaab3df6ae3bf31cd17e1e3dcf2779c2ec53fbd665604182d29a656343bf429e

  • SSDEEP

    6144:/+YrOIBjaklexBgiJ8sTSIkIpxIp8mDtfPBRwasxXq:TOCjaklYgVIpxIhDtR

Targets

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects Reflective DLL injection artifacts

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
